It has the side effect of sending more manufacturing (and publishing) overseas in order for the manufacturer to build in their own First Sale exemption.
Publish in London, (even if you Print in the US) and hang that little "Not for Resale" sticker on every book you print. Package your game disks in Korea, and forbid resale outright.
This should be addressed in Congress, but unfortunately they are too busy stripping our other rights to worry about this issue.
FBI is not prohibited from "meddling in our publications".
The first amendment simply states:
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
That does not mean they can not "contribute", or publish, or provide information (true or false) to publishers. All it means is that Congress shall pass no law abridging the freedom of the press.
Any putative back door's mere existence does not imply use of the back-door without a warrant anymore than possession of a steam iron implies that they read your mail.
(A warrant would be useless without a back door, which is why they might want that in place ahead of time.)
(Before you jump on me: I'm not claiming this was never used (legally or illegally), simply making the case that the insertion of a back door does not in itself constitute any illegal act).
As for the lead maintainer being complicit, that's why its open source, and I suspect many pairs of eyes are looking at this code again this week.
Well it might have existed sometime in the past and been removed long ago, making the point moot.
That code has had extensive revisions, and anything obfuscated enough to hide a backdoor was probably stripped out long ago in the quest for clarity or simply because no one could understand it and demonstrate that it was correct.
Especially in security code, it the lead maintainer can't comprehend the code it becomes immediately suspect.
Due to mild dangers that the animals don't really notice - with their higher breeding rates and shorter lifespans, additional casualties are lost in the noise.
Except there is very little evidence of additional casualties among the wild life. Initially it was expected there would be massive die-offs. There were some early animal deaths to be sure, mostly contained to the first year.
But over all, the wildlife shows no indication of excess birth defects, or higher death rates, even among the herbivores that were eating heavily contaminated grasses.
the risk of a large attack can be estimated by studying the frequency of small attacks
(main article slashdotted as I write this so it take the summary as accurate - fool that I am)...
This would suggest the power law uses small acts to predict big ones. I'm not seeing any reference to time period or location.
So a given pattern/frequency of small attacks (or the lack there of) may have predictive value for large ones in spite of or in addition to all the usual and customary sources used to scare, er, warn the populace.
I'm not so sure you can leap from a simple statement of a predictive tool to a national policy, nor assume that 3000 is the magic number we would have to absorb if we did.
Ooops, I forgot the bit about there being no grounds for challenge.
You never even hear about those challenges that are laughed out of court as being groundless, or so ridiculous no lawyer at the federal level wants to risk his/her reputation.
The fallacy in your fallacy is that in the vast majority of laws passed by congress there is no disaster waiting at the end.
Therefore, there is no automatic cadre of people incensed enough to challenge the laws. Instead we grudgingly admit we should probably wear our seat belts, shouldn't deal in child porn, and move on with our lives. Yet even in those cited areas, there were challenges to the law.
Further, it only takes one successful court case to over turn an unconstitutional law. 20,000 suits don't help. 340 million law suits won't help either. Its no where near an all hands on deck situation.
Not to mention the power requirements in the hand-held to reach a sat in a 475 mile high orbit has got to be way higher than reaching a cell tower 1 to 20 miles away.
So in addition to the need to be outside, you have a short battery life, and the cost of calls is also high.
For anyone in the North America this generally means the market is limited to off-shore boaters and a few places in the western US and far northern areas of Canada.
I seriously doubt speedtest.net or root dns servers would report themselves under attack. My hair-brained scheme only kicks in if a site reports traffic loads they can't handle, or attacks.
As for non-productive traffic, DDOSers go out of their way to make sure no traffic returns. (As it cuts their available DOSing bandwidth). There are ways to detect this.
The only thing that will stop blatantly unconstitutional laws from being passed is for the sponsors of the legislation to be held personally liable for the damages caused by laws ruled unconstitutional.
Good luck with that. Congress people are constitutionally protected in their official actions. Article 1 Section 6.
The Senators and Representatives shall receive a Compensation for their Services, to be ascertained by Law, and paid out of the Treasury of the United States. They shall in all Cases, except Treason, Felony and Breach of the Peace, be privileged from Arrest during their Attendance at the Session of their respective Houses, and in going to and returning from the same; and for any Speech or Debate in either House, they shall not be questioned in any other Place.
The ballot box serves the same purpose.
The best bet would be to form a group to publish a Constitutional Impact Statement on each legislator prior to each election detailing any laws they sponsored or voted for which were subsequently struck down over their entire legislative career.
That's a nice thought, but they aren't challenging "every little thing" the government does, they only challenge things they don't like, and there aren't a similar number of "flaming crazies" challenging other laws that other americans view as blatantly unconstitutional or imposing on freedom.
So what?
If I don't like a law, and find a legal ground for challenge does that mean I am obligated to challenge every other law?
Your reasoning here seems sort of daft to me. Of course people are going to only challenge what the don't like. OTHER people will challenge OTHER laws. Some laws receive no challenges because no one is sufficiently upset about them.
And there are obscenity challenges year in and year out, and the standard has changed over time, by edict of the SCOTUS, who (in case you haven't noticed) is the arbiter of what is or is not unconstitutional, rather than some poster on slashdot.
There are enough people (crazies and normal) to challenge (and re-challenge) everything that need challenging.
Do they really think transferring the domain into their control is even remotely likely? It's one thing when you're talking about a torrent tracker where an injunction alone is unlikely to prevent future infringement. But if the court tells Matt Drudge to take down that photo, I'm pretty sure he'll take it down (once his appeals are exhausted).
He would probably take it down if they sent him a notice via email.
Still the idea that you can take a domain and control of a website as well as the statutory damages of 150k is ridiculous. Why not ask for his house, car, and wife?
I'm not sure any rational adherent of network neutrality espouses the freedom to use the net as a weapon of attack.
You've already violated your terms of service once you launch such an attack. So you've already agreed that such actions on your part are sufficient to kill off your traffic.
If you happen to be a clueless pwned windows user, only the backdoor running on your box would have its traffic blocked, an even then, only when it was participating in a DDOS against a site that advertised that it was under attack.
On the contrary, It might be I know a thing or three about DNS that you haven't' figured out.
There are several examples already in existence of using slightly modified DNS servers for a totally different purpose.
After all, DNS is nothing but a lookup engine and a very fast one at that.
One of the spamassassin plugins of a few years back was called URIBL which used a basic dns engine to look up links sent via email to help determine if the email was spam. It basically did a DNS hit on any URI using custom DNS servers which returned a specific ip indicating the probability that the uri spam. Similar technology is used by Cloudmark on a customized hash of suspected spam content.
The point is the DNS lookup engine is a very quick way to get an IP (or anything else) given a specific input.
Since it need not be done in-line it would not slow down traffic or mess with any DNS servers.
The router simply notices a lot of one way traffic to a specific IP from one or more IPs behind it, and sends a request to the customized query engine. That engine returns a status that the target has advertised itself to be under attack. The router then starts throttling that traffic.
I speculated that such a query engine could be more quickly built out of DNS technology in order to avoid re-inventing the wheel, simply because it is ubiquitous and well understood.
So, none of your dire predictions would come to pass, because checking IPs for presence in the "Under attack" database would a) not need to be done in real time, and b) have nothing at all to do the the existing DNS service.
A spokesman for Google, which owns DoubleClick, told the IDG News Service that the malicious ads were only being served for a short amount of time, and that the company's own malware filters detected the ads, as well.
So, MSN was clueless. Google was merely slow to act.
I use OpenDNS to block doubleclick but they have a lot of domains they serve under in addition to their own.
I don't begrudge the advertising, I've even been known to click on it occasionally if it interests me. And I don't worry too much about the malware, running Linux and tight filters. But a few jerks like ADShufffle.com screw over all the advertiser. And I wager nothing at all happens to them.
It has the side effect of sending more manufacturing (and publishing) overseas in order for the manufacturer to build in their own First Sale exemption.
Publish in London, (even if you Print in the US) and hang that little "Not for Resale" sticker on every book you print.
Package your game disks in Korea, and forbid resale outright.
This should be addressed in Congress, but unfortunately they are too busy stripping our other rights to worry about this issue.
FBI is not prohibited from "meddling in our publications".
The first amendment simply states:
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
That does not mean they can not "contribute", or publish, or provide information (true or false) to publishers. All it means is that Congress shall pass no law abridging the freedom of the press.
Any putative back door's mere existence does not imply use of the back-door without a warrant anymore than possession of a steam iron implies that they read your mail.
(A warrant would be useless without a back door, which is why they might want that in place ahead of time.)
(Before you jump on me: I'm not claiming this was never used (legally or illegally), simply making the case that the insertion of a back door does not in itself constitute any illegal act).
As for the lead maintainer being complicit, that's why its open source, and I suspect many pairs of eyes are looking at this code again this week.
Well it might have existed sometime in the past and been removed long ago, making the point moot.
That code has had extensive revisions, and anything obfuscated enough to hide a backdoor was probably stripped out long ago in the quest for clarity or simply because no one could understand it and demonstrate that it was correct.
Especially in security code, it the lead maintainer can't comprehend the code it becomes immediately suspect.
Due to mild dangers that the animals don't really notice - with their higher breeding rates and shorter lifespans, additional casualties are lost in the noise.
Except there is very little evidence of additional casualties among the wild life. Initially it was expected there would be massive die-offs. There were some early animal deaths to be sure, mostly contained to the first year.
But over all, the wildlife shows no indication of excess birth defects, or higher death rates, even among the herbivores that were eating heavily contaminated grasses.
What does opening the box have to do with backdoor passwords?
I looked inside the case of my NAS recently, and didn't see any passwords. Does that mean I am safe?
Ah, but the summary did clearly say:
the risk of a large attack can be estimated by studying the frequency of small attacks
(main article slashdotted as I write this so it take the summary as accurate - fool that I am)...
This would suggest the power law uses small acts to predict big ones. I'm not seeing any reference to time period or location.
So a given pattern/frequency of small attacks (or the lack there of) may have predictive value for large ones in spite of or in addition to all the usual and customary sources used to scare, er, warn the populace.
I'm not so sure you can leap from a simple statement of a predictive tool to a national policy, nor assume that 3000 is the magic number we would have to absorb if we did.
As long as it was done strictly by computer and no bias was allowed to creep in, it might be useful.
Some provision for degree of the slapdown and degree of involvement with the legislation.
Maybe something like this for those who voted for the legislation:
1 demerit earned for a partial court strikedown.
5 demerits for a total strike down (these are rare)
Add 10 demerits for being named as a sponsor on the legislation.
All those things are in the public record I believe.
Ooops, I forgot the bit about there being no grounds for challenge.
You never even hear about those challenges that are laughed out of court as being groundless, or so ridiculous no lawyer at the federal level wants to risk his/her reputation.
Then they are not angry enough or their numbers are not yet sufficient.
It doesn't mean there aren't sufficient numbers of people pissed off about other laws,
Yes, by definition of the word "sufficient", it does mean exactly that.
The fallacy in your fallacy is that in the vast majority of laws passed by congress there is no disaster waiting at the end.
Therefore, there is no automatic cadre of people incensed enough to challenge the laws. Instead we grudgingly admit we should probably wear our seat belts, shouldn't deal in child porn, and move on with our lives. Yet even in those cited areas, there were challenges to the law.
Further, it only takes one successful court case to over turn an unconstitutional law. 20,000 suits don't help. 340 million law suits won't help either. Its no where near an all hands on deck situation.
Not to mention the power requirements in the hand-held to reach a sat in a 475 mile high orbit has got to be way higher than reaching a cell tower 1 to 20 miles away.
So in addition to the need to be outside, you have a short battery life, and the cost of calls is also high.
For anyone in the North America this generally means the market is limited to off-shore boaters and a few places in the western US and far northern areas of Canada.
I paid $549 for my Nexus One.
Virtually any top of the line cell phone costs 500 bucks if bought off contract.
I don't think cost of the device is the objection here.
Exactly.
Yet this happens all the time.
But how many of these 16year old kids are doing "properly done DDoS" attacks? (never mind the oxymoron implicit in the quotations.)
Most DOSers don't want a return. Most go out of their way to be sure there won't be a return.
I seriously doubt speedtest.net or root dns servers would report themselves under attack. My hair-brained scheme only kicks in if a site reports traffic loads they can't handle, or attacks.
As for non-productive traffic, DDOSers go out of their way to make sure no traffic returns. (As it cuts their available DOSing bandwidth). There are ways to detect this.
The only thing that will stop blatantly unconstitutional laws from being passed is for the sponsors of the legislation to be held personally liable for the damages caused by laws ruled unconstitutional.
Good luck with that. Congress people are constitutionally protected in their official actions. Article 1 Section 6.
The Senators and Representatives shall receive a Compensation for their Services, to be ascertained by Law, and paid out of the Treasury of the United States. They shall in all Cases, except Treason, Felony and Breach of the Peace, be privileged from Arrest during their Attendance at the Session of their respective Houses, and in going to and returning from the same; and for any Speech or Debate in either House, they shall not be questioned in any other Place.
The ballot box serves the same purpose.
The best bet would be to form a group to publish a Constitutional Impact Statement on each legislator prior to each election detailing any laws they sponsored or voted for which were subsequently struck down over their entire legislative career.
That's a nice thought, but they aren't challenging "every little thing" the government does, they only challenge things they don't like, and there aren't a similar number of "flaming crazies" challenging other laws that other americans view as blatantly unconstitutional or imposing on freedom.
So what?
If I don't like a law, and find a legal ground for challenge does that mean I am obligated to challenge every other law?
Your reasoning here seems sort of daft to me. Of course people are going to only challenge what the don't like. OTHER people will challenge OTHER laws. Some laws receive no challenges because no one is sufficiently upset about them.
And there are obscenity challenges year in and year out, and the standard has changed over time, by edict of the SCOTUS, who (in case you haven't noticed) is the arbiter of what is or is not unconstitutional, rather than some poster on slashdot.
There are enough people (crazies and normal) to challenge (and re-challenge) everything that need challenging.
Do they really think transferring the domain into their control is even remotely likely? It's one thing when you're talking about a torrent tracker where an injunction alone is unlikely to prevent future infringement. But if the court tells Matt Drudge to take down that photo, I'm pretty sure he'll take it down (once his appeals are exhausted).
He would probably take it down if they sent him a notice via email.
Still the idea that you can take a domain and control of a website as well as the statutory damages of 150k is ridiculous. Why not ask for his house, car, and wife?
I'm not sure any rational adherent of network neutrality espouses the freedom to use the net as a weapon of attack.
You've already violated your terms of service once you launch such an attack. So you've already agreed that such actions on your part are sufficient to kill off your traffic.
If you happen to be a clueless pwned windows user, only the backdoor running on your box would have its traffic blocked, an even then, only when it was participating in a DDOS against a site that advertised that it was under attack.
I just don't see the problem here.
On the contrary, It might be I know a thing or three about DNS that you haven't' figured out.
There are several examples already in existence of using slightly modified DNS servers for a totally different purpose.
After all, DNS is nothing but a lookup engine and a very fast one at that.
One of the spamassassin plugins of a few years back was called URIBL which used a basic dns engine to look up links sent via email to help determine if the email was spam. It basically did a DNS hit on any URI using custom DNS servers which returned a specific ip indicating the probability that the uri spam. Similar technology is used by Cloudmark on a customized hash of suspected spam content.
The point is the DNS lookup engine is a very quick way to get an IP (or anything else) given a specific input.
Since it need not be done in-line it would not slow down traffic or mess with any DNS servers.
The router simply notices a lot of one way traffic to a specific IP from one or more IPs behind it, and sends a request to the customized query engine. That engine returns a status that the target has advertised itself to be under attack. The router then starts throttling that traffic.
I speculated that such a query engine could be more quickly built out of DNS technology in order to avoid re-inventing the wheel, simply because it is ubiquitous and well understood.
So, none of your dire predictions would come to pass, because checking IPs for presence in the "Under attack" database would a) not need to be done in real time, and b) have nothing at all to do the the existing DNS service.
Quote Story:
A spokesman for Google, which owns DoubleClick, told the IDG News Service that the malicious ads were only being served for a short amount of time, and that the company's own malware filters detected the ads, as well.
So, MSN was clueless. Google was merely slow to act.
Agreed.
I use OpenDNS to block doubleclick but they have a lot of domains they serve under in addition to their own.
I don't begrudge the advertising, I've even been known to click on it occasionally if it interests me. And I don't worry too much about the malware, running Linux and tight filters. But a few jerks like ADShufffle.com screw over all the advertiser. And I wager nothing at all happens to them.
Doubleclick is Owned by Google, so they probably don't need to tamper.
Oh, ah, Whooosh, I guess.
You will either give up, grow up, or get caught.
Not necessarily in that order.
Once you get out of your mom's basement and discover girls you will find that your mission in life is not to police the world from the end of a wire.